我正在尝试仅使用XML配置的JWT实现的Spring Security,因此避免使用@IBOutlet weak var levelLabel: UILabel!
var refUser:DatabaseReference?
override func viewDidLoad() {
super.viewDidLoad()
refUser = Database.database().reference().child("userInfo");
let userID = Auth.auth().currentUser!.uid
let query = refUser?.queryOrdered(byChild: "userId").queryEqual(toValue: "\(userID)")
query?.observeSingleEvent(of: .value, with: { snapshot in
for child in snapshot.children {
let childSnap = child as! DataSnapshot
var dict = childSnap.value as! [String: Any]
let level=dict["level"] as! String
self.levelLabel.text=level
}
})
}
,并且我希望实现基于无状态REST的实现,因此可以与JWT一起使用,并且仅允许登录网址并限制每个其他网址仅适用于经过身份验证的用户。
我混合使用了注解(即@EnableWebSecurity和xml)来获得结果。
我查找了上述错误的答案,最后发现我需要为我的websecurityconfig类(由于基于xml的配置,我没有此知识)做@PreAuthorize
我的@EnableWebSecurity也包含安全性配置,如下所示,其中“ / Login”是我为授权而公开的控制器:
applicationContext.xml
但是我在实现过程中遇到了错误
<context:component-scan base-package="com.xyz.security.*"/>
<context:annotation-config/>
<mvc:cors>
<mvc:mapping path="/**"
allowed-origins="http://localhost:3000"
allowed-methods="GET, PUT, POST"
allow-credentials="false"/>
</mvc:cors>
<security:global-method-security pre-post-annotations="enabled" />
<security:http use-expressions="true" entry-point-ref="customAuthenticationEntryPoint" auto-config="true">
<security:csrf disabled="true"/>
<security:intercept-url pattern="/Login/**" access="permitAll" />
<security:intercept-url pattern="/**" access="isAuthenticated()" />
<security:custom-filter before="FORM_LOGIN_FILTER" ref="jwtAuthenticationFilter"/>
</security:http>
<bean id="jwtAuthenticationFilter" class="com.xyz.jwt.JwtAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationSuccessHandler" ref="jwtAuthenticationSuccessHandler" />
</bean>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="jwtAuthenticationProvider" />
</security:authentication-manager>
当然,我还提供了以下文件,以完全相同地实现
Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type 'org.springframework.security.config.annotation.ObjectPostProcessor<java.lang.Object>' available: expected at least 1 bean which qualifies as autowire candidate. Dependency annotations: {}
P.S。 :我引用了文章“ http://www.svlada.com/jwt-token-authentication-with-spring-boot/”来实现JWT的过滤器等。